Handles PII
Posture
critical: 1
high: 6
medium: 6
low: 6
Ownership
Findings (24)
low | Container running as root | Trivy | Container | triaged | 8.6
low | JWT signed with weak HS256 secret | TruffleHog | Secrets | open | 5.7
info | Open Redis without auth | SonarQube | SAST | triaged | 8.3
high | IAM role with wildcard permissions | CodeQL | SAST | open | 9.4
high | Race condition in payment idempotency | tfsec | IaC | open | 5.3
medium | Container running as root | Trivy | Container | open | 4
low | Terraform module pins old AMI with CVEs | Scout Suite | CSPM | open | 7.4
info | Outdated lodash with prototype pollution | Wiz | CSPM | open | 7.5
high | Log4Shell vulnerable dependency | SonarQube | SAST | accepted | 7.1
high | SSRF in webhook fetcher | Snyk | SCA | open | 8.4
medium | Log4Shell vulnerable dependency | Gitleaks | Secrets | false positive | 6.2
high | Unencrypted RDS snapshot | Burp Pro PenTest | PenTest | triaged | 10
info | Missing rate limiting on /login | CodeQL | SAST | open | 6
critical | Excessive Kubernetes RBAC privileges | OWASP ZAP | DAST | open | 8.6
medium | IAM role with wildcard permissions | Dependabot | SCA | triaged | 7
medium | Dependency confusion risk on internal package | OWASP ZAP | DAST | open | 6.8
high | JWT signed with weak HS256 secret | Prowler | CSPM | open | 7
info | Terraform module pins old AMI with CVEs | Wiz | CSPM | triaged | 5.9
medium | Hardcoded AWS access key in source | Grype | Container | open | 9.2
low | Insecure deserialization in message queue consumer | Snyk | SCA | open | 5.5